Title of invention: Database system, computer system, and computer-readable storage medium for decrypting a data record
Abstract: A database system comprising: a memory containing multiple data records, wherein each of the data records has a data record asymmetric key pair for cryptographic encryption and decryption, wherein each data record asymmetric key pair comprises a data record public key and a data record private key, wherein the data contained in each of the multiple data records is encrypted by the data record public key, wherein the data record private key of each data record asymmetric key pair is encrypted with the public key of another asymmetric key pair; a set of user accounts, wherein each of the user accounts has a user asymmetric key pair for encryption and decryption, wherein each user asymmetric key pair has a user public key and a user private key; wherein data is added to a data record by encrypting it with the data record public key; wherein access to the data record is granted to a user account by encrypting the data record private key with the public key of an asymmetric cryptographic key pair whose encrypted private key is accessible from the user account via a sequence of successive decryptions of encrypted private keys; and wherein the data record private key allows decryption of the data record.
Publication number: US8887254(B2)  Publication date: 2014.11.11
Application number: US201012968537  Filing date: 2010.12.15
Applicant: Compugroup Medical AG  Inventors: Spalka Adrian; Lehnhardt Jan
Classification: G06F11/30  Main classification: G06F11/30
Agency:  Agent:
Main claim: 1. A database system comprising: a memory containing multiple data records, wherein each of the data records has a data record asymmetric key pair for cryptographic encryption and decryption, wherein each data record asymmetric key pair comprises a data record public key and a data record private key, wherein each of the multiple data records is at least partially encrypted by its data record public key, wherein the data record private key of each asymmetric key pair is encrypted, wherein the memory contains a representation of a directed acyclic graph, wherein paths along the directed acyclic graph each have a starting node and an ending node, forming a chain of nodes; a set of user accounts, wherein each of the user accounts has a user asymmetric key pair for encryption and decryption, wherein each user asymmetric key pair has a user public key and a user private key, wherein the user public key is computed using the user private key; wherein each starting node corresponds to one of the set of user accounts, wherein each ending node corresponds to one of the multiple data records; wherein data is added to a data record by encrypting it with the data record public key, wherein access to the data record is granted to a user account by a cryptographic access key encrypted with the user public key, wherein a directed path formed by the chain of nodes starting at the starting node and ending at the ending node allows decryption of the data record using the cryptographic access key.
Address: Koblenz DE
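
The key hierarchy described in the abstract and in claim 1, as an added sketch that is not taken from the patent: each edge of the directed acyclic graph stores one private key encrypted under the public key of the node before it, and a user reaches a record by successive decryptions along a path. The `KeyGraph` class, the node names and the sample value are hypothetical, and textbook RSA on fixed Mersenne primes is a toy stand-in for a real asymmetric scheme.

```python
# Toy textbook RSA (no padding, fixed small primes): illustration only, NOT secure.
E = 65537                        # public exponent shared by every key pair
def M(k): return 2**k - 1        # prime for the exponents k used in demo()

class KeyGraph:
    def __init__(self):
        self.pub = {}       # node -> modulus n; the public key is (n, E)
        self.wrapped = {}   # src -> {dst: dst private exponent under src public key}
        self.data = {}      # record -> list of ciphertexts

    def add_node(self, name, p, q):
        """Create a key pair for a user, group or record; return the private exponent."""
        self.pub[name], self.wrapped[name] = p * q, {}
        return pow(E, -1, (p - 1) * (q - 1))

    def grant(self, src, dst, dst_priv):
        """Add edge src -> dst: encrypt dst's private key with src's public key."""
        assert dst_priv < self.pub[src], "toy RSA: wrapped key must fit the modulus"
        self.wrapped[src][dst] = pow(dst_priv, E, self.pub[src])

    def append(self, record, value):
        # Adding data needs only the record public key, no private key at all.
        self.data.setdefault(record, []).append(pow(value, E, self.pub[record]))

    def unlock(self, node, priv, target):
        """Walk the DAG from node, unwrapping one private key per edge."""
        if node == target:
            return priv
        for nxt, blob in self.wrapped[node].items():
            found = self.unlock(nxt, pow(blob, priv, self.pub[node]), target)
            if found is not None:
                return found
        return None

    def read(self, user, user_priv, record):
        priv = self.unlock(user, user_priv, record)
        if priv is None:
            raise PermissionError(f"no key path from {user} to {record}")
        return [pow(c, priv, self.pub[record]) for c in self.data.get(record, [])]

def demo():
    """Constructed graph: alice -> group -> record, bob -> record, carol has no edge."""
    g = KeyGraph()
    rec, grp = g.add_node("record", M(17), M(19)), g.add_node("group", M(31), M(61))
    alice, bob = g.add_node("alice", M(89), M(107)), g.add_node("bob", M(61), M(127))
    carol = g.add_node("carol", M(89), M(127))
    g.grant("group", "record", rec)
    g.grant("alice", "group", grp)
    g.grant("bob", "record", rec)
    g.append("record", 20101215)     # constructed sample value
    return g, alice, bob, carol
```

The server-side state holds only public keys, wrapped private keys and ciphertexts, so removing an edge from `wrapped` cuts every path that ran through it, but a user who already unwrapped a record key keeps it until the record is re-keyed.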